Get suppressed vulnerabilities based on componentId/vulnerabilityName or both, either of them is mandatory.Only the system administrator has the permission to do this operation.
OK
Bad Request
Unauthorized
Internal Server Error
{- "itemNumber": 0,
- "suppressId": 0,
- "suppressionScope": "string",
- "vulnerabilityId": 0,
- "vulnerabilityName": "string",
- "componentId": 0,
- "componentName": "string",
- "suppressedBy": "string",
- "suppressedDate": "string",
- "suppressionDetails": [
- {
- "projectId": 0,
- "state": "string",
- "justification": "string",
- "response": "string"
}
], - "componentVersionIds": [
- 0
]
}Suppress vulnerability for component version(s). System administrator only has permission for global suppression, while Developer/Security contact have permission for project-specific suppression.
Note: For GLOBAL level suppression, providing suppression details is not necessary. These details are only required for PROJECT level suppression and will be ignored if provided in the GLOBAL scope.
Input model to suppress vulnerability for component versions.
OK
Bad Request
Unauthorized
Internal Server Error
{- "componentId": 1,
- "versionIds": [
- 0
], - "vulnerabilityName": "Vulnerability Name",
- "reason": "FALSE_POSITIVE|REMEDIATED|OTHER",
- "remarks": "Remarks to Suppress Vulnerability",
- "versionScope": "SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS",
- "suppressionScope": "GLOBAL|PROJECT",
- "suppressionDetails": {
- "projectId": 123,
- "state": "RESOLVED|RESOLVED_WITH_PEDIGREE|EXPLOITABLE|IN_TRIAGE|FALSE_POSITIVE",
- "justification": "CODE_NOT_PRESENT|CODE_NOT_REACHABLE|REQUIRES_CONFIGURATION|REQUIRES_DEPENDENCY|REQUIRES_ENVIRONMENT|PROTECTED_BY_COMPILER|PROTECTED_AT_RUNTIME|PROTECTED_AT_PERIMETER|PROTECTED_BY_MITIGATING_CONTROL",
- "response": "CAN_NOT_FIX|WILL_NOT_FIX|UPDATE|ROLLBACK|WORKAROUND_AVAILABLE"
}
}{- "componentId": 1,
- "versionIds": [
- 0
], - "vulnerabilityName": "Vulnerability Name",
- "reason": "FALSE_POSITIVE|REMEDIATED|OTHER",
- "remarks": "Remarks to Suppress Vulnerability",
- "versionScope": "SPECIFIC_VERSIONS|ALL_CURRENT_VERSIONS",
- "suppressionScope": "GLOBAL|PROJECT",
- "suppressionDetails": {
- "projectId": 123,
- "state": "RESOLVED|RESOLVED_WITH_PEDIGREE|EXPLOITABLE|IN_TRIAGE|FALSE_POSITIVE",
- "justification": "CODE_NOT_PRESENT|CODE_NOT_REACHABLE|REQUIRES_CONFIGURATION|REQUIRES_DEPENDENCY|REQUIRES_ENVIRONMENT|PROTECTED_BY_COMPILER|PROTECTED_AT_RUNTIME|PROTECTED_AT_PERIMETER|PROTECTED_BY_MITIGATING_CONTROL",
- "response": "CAN_NOT_FIX|WILL_NOT_FIX|UPDATE|ROLLBACK|WORKAROUND_AVAILABLE"
}
}Get vulnerability suppress details. Provide suppressId/versionId or both as inputs, either of them is mandatory.Only the system administrator has the permission to do this operation.
OK
Bad Request
Unauthorized
Internal Server Error
{- "suppressId": 0,
- "vulnerabilityName": "string",
- "componentName": "string",
- "versionId": 0,
- "versionName": "string",
- "suppressedReason": "string",
- "suppressedRemarks": "string",
- "suppressedBy": "string",
- "suppressedDate": "string"
}UnSuppress a vulnerability for given component versions. System administrator only has permission for Global un-suppression, while Developer/Security contact have permission for Project-specific un-suppression.
Note: If a project ID is provided, the un-suppression occurs at the PROJECT level, otherwise, it happens at the GLOBAL level.
Input model to unSuppress vulnerability
OK
Bad Request
Unauthorized
Not Found
Internal Server Error
{- "vulnerabilityName": "Vulnerability Name",
- "componentId": 1,
- "versionIds": [
- 0
], - "remarks": "Remarks to Unsuppress Vulnerability",
- "projectId": 1
}